1. Field of the Invention
This invention pertains in general to computer security and in particular to detection a computer worm and/or other type of malicious software.
2. Description of the Related Art
A “worm” is a type of malicious software that attempts to infect multiple computer systems. There are a number of ways a worm can initially execute on a computer system. For example, an end-user might unintentionally download the worm from the Internet as a parasitic virus attached to a program. Alternatively, a worm might infect the computer system using transmission media such as email scripts, buffer overflow attacks, password cracking, etc.
Typically, the primary purpose of a worm is to spread to other computer systems. The worm accomplishes this feat by installing versions of itself on the other computer systems. A successful worm spreads rapidly and can quickly damage many computer systems. A worm can also include functionality to infect files on its host computer system, destroy data on the computer system, and/or perform other malicious actions.
One technique for preventing attacks by worms, computer viruses, Trojan horses, and other types of malicious software to install security software on the computer system. However, it is sometimes not practical to use security software on certain computer systems. Moreover, security software might fail to detect previously unknown malicious software. In addition, certain types of malicious software use programming techniques, such as polymorphism or metamorphism, that hamper the effectiveness of security software.
Accordingly, there is a need in the art for a way to detect and block worms and other types of malicious software that does not suffer the drawbacks of current security software.